Google, Microsoft Push Websites To Go Password-Less

At the RSA conference, Google and Microsoft demoed how websites could adopt password-free login systems with the help of Android smartphones and Windows PCs.

Say goodbye to passwords. The biggest websites in the world could replace them with fingerprint scans and facial recognition powered by Google and Microsoft.

On Friday, the two companies previewed their efforts to help internet platforms go password-less through Android smartphones and Windows PCs during the RSA security conference in San Francisco.

Want to make a purchase online? Google demoed how the fingerprint sensor on your Android phone could revamp PayPal's login process. No need to enter a password to approve that purchase. Simply scan your fingerprint, and voila: PayPal will let you into your account.

You can also do the same on a PC, but by scanning your face. Microsoft demoed how its Windows Hello feature can use a computer's webcam to read your facial features, and then grant access to your PayPal account.

Fingerprint scanning and facial recognition tech are nothing new, but getting your favorite websites to use them is. Google and Microsoft are both members of the Fast Identity Online (FIDO) Alliance, which has been pushing the tech industry to drop passwords in favor for simpler, securer ways to grant login access.

"We all know that passwords are a problem," said Brett McDowell, the FIDO Alliance's executive director. He pointed to statistics, showing that 81 percent of all data breaches in 2016 involved weak or stolen passwords falling into the hands of hackers.

"We also have a usability problem with passwords. They're clumsy, hard to remember," he added. So to solve the problem, his alliance has developed FIDO 2.0, a new standard for login systems. It does away with passwords for devices like smartphones and PCs, which can use biometrics to unlock your online account.

How does this all work? The device scans your fingerprint or face to verify your identity. It then generates a unique private key that can unlock the internet account you want to access. One big advantage this has over passwords systems is that the website never learns or stores your private key. The website simply issues a digital "challenge" that your private key can sign, which will then unlock access to the account.

Both Microsoft and Google have been pushing for FIDO 2.0's adoption. They're preparing to build the authentication technologies into their own internet browsers. On Monday, Microsoft said the next Windows 10 release would also support the standard too.

To get websites to adopt FIDO 2.0, software developer and FIDO Alliance member Nok Nok Labs is offering to help companies migrate their platforms over to the password-less login systems.

The technologies demoed on Friday were still in the pre-production stages, but McDowell said it's possible that 2019 "will be a big year" for FIDO 2.0's adoption across actual websites.

About the Author

Michael has been a PCMag reporter since October 2017. He previously covered tech news in China from 2010 to 2015, before moving to San Francisco to write about cybersecurity. His Twitter is @Michael_Kan. See Full Bio